5. Null Byte Injection

Vulnerability description

When downloading files, null bytes may be inserted into filenames (via forging HTTP requests). As a result of the insertion, the string after the null byte will be dropped. The vulnerability allows attackers to bypass certain checks.